<?php
// +----------------------------------------------------------------------
// | ThinkPHP [ WE CAN DO IT JUST THINK IT ]
// +----------------------------------------------------------------------
// | Copyright (c) 2009 http://thinkphp.cn All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: liu21st <liu21st@gmail.com>
// +----------------------------------------------------------------------

class PublicAction extends Action {
	// 检查用户是否登录

	protected function checkUser() {
		if(!isset($_SESSION[C('USER_AUTH_KEY')])) {
			$this->assign('jumpUrl','__APP__/Public/login');
			$this->error('没有登录');
		}
	}

	// 顶部页面
	public function top() {
		$this->checkUser();
		C('SHOW_RUN_TIME',false);			// 运行时间显示
		C('SHOW_PAGE_TRACE',false);
		$menu = M('Menu');
		$map['status'] = 1;
		$map['pid'] = 1;
		$list	=	$menu->where($map)->getField('id,name');
		$this->assign('menuList',$list);
		$this->display();
	}
	// 尾部页面
	public function footer() {
		C('SHOW_RUN_TIME',false);			// 运行时间显示
		C('SHOW_PAGE_TRACE',false);
		$this->display();
	}
	// 菜单页面
	public function menu() {
		$this->checkUser();
		if(isset($_SESSION[C('USER_AUTH_KEY')])) {
			//显示菜单项
			$menu_list  = array();
			$pid = $_GET['tag'] ? $_GET['tag'] : 0;
			if(isset($_SESSION['menu'.$_SESSION[C('USER_AUTH_KEY')].$pid])) {
				//如果已经缓存，直接读取缓存
				$menu_list   =   $_SESSION['menu'.$_SESSION[C('USER_AUTH_KEY')].$pid];
			}else {
				//读取数据库模块列表生成菜单项
				$menu = D('Menu');
				$menu_list = $menu->getMenuByPid($pid);
				//缓存菜单访问
				$_SESSION['menu'.$_SESSION[C('USER_AUTH_KEY')].$pid]	=	$menu_list;
			}
			if(!empty($_GET['tag'])){
				$this->assign('menuTag',$_GET['tag']);
			}
			if ($pid == 0) unset($menu_list);
			$this->assign('menu',$menu_list);
		}
		C('SHOW_RUN_TIME',false);			// 运行时间显示
		C('SHOW_PAGE_TRACE',false);
		$this->display();
	}

	// 后台首页 查看系统信息
	public function main() {
		$this->display();
	}

	// 用户登录页面
	public function login() {
		if(!isset($_SESSION[C('USER_AUTH_KEY')])) {
			$this->display();
		}else{
			$this->redirect('Index/index');
		}
	}

	public function index()
	{
		//如果通过认证跳转到首页
		redirect(__APP__);
	}

	// 用户登出
	public function logout(){
		if(isset($_SESSION[C('USER_AUTH_KEY')])) {
			unset($_SESSION[C('USER_AUTH_KEY')]);
			unset($_SESSION);
			session_destroy();
			$this->assign("jumpUrl",__URL__.'/login/');
			$this->success('登出成功！');
		}else {
			$this->error('已经登出！');
		}
	}

	// 登录检测
	public function checkLogin() {
		if(empty($_POST['account'])) {
			$this->error('帐号错误！');
		}elseif (empty($_POST['password'])){
			$this->error('密码必须！');
		}elseif (empty($_POST['verify'])){
			$this->error('验证码必须！');
		}
		//生成认证条件
		$map            =   array();
		// 支持使用绑定帐号登录
		$map['user']	= $_POST['account'];
		$map["status"]	=	array('gt',0);
		if($_SESSION['verify'] != md5($_POST['verify'])) {
			$this->error('验证码错误！');
		}
		import ( '@.ORG.RBAC' );
		$authInfo = RBAC::authenticate($map);
		//系统后台限制非管理员登入
		if($authInfo['role_id'] > 0){
			$role	 =	 D("Role");
			$vo = $role->getById($authInfo['role_id']);
			$_SESSION['isadmin'] = true;
			if (is_numeric($vo['isadmin']) && $vo['isadmin'] != 1){
				$this->error('非管理员不允许登录');
				$_SESSION['isadmin'] = false;
			}
			if (is_numeric($vo['isadmin']) && $vo['isadmin'] == 1){
				$_SESSION['isadmin'] = true;
			}
		}
		//使用用户名、密码和状态的方式进行认证
		if(false === $authInfo) {
		    $this->error('帐号不存在或已禁用！');
		}else {
			if($authInfo['pass'] != md5($_POST['password'])) {
				$this->error('密码错误！');
			}
			$_SESSION[C('USER_AUTH_KEY')]	=	$authInfo['id'];
			$_SESSION['email']	=	$authInfo['email'];
			$_SESSION['loginUserName']		=	$authInfo['name'];
			$_SESSION['lastLoginTime']		=	$authInfo['last_login_time'];
			$_SESSION['login_count']	=	$authInfo['login_count'];
			if(($authInfo['account']=='admin') or ($authInfo['role_id']==1)) {
				$_SESSION['administrator']		=	true;
			}
			//保存登录信息
			$User	=	M('User');
			$ip		=	get_client_ip();
			$time	=	time();
			$data = array();
			$data['id']	=	$authInfo['id'];
			$data['last_login_time']	=	$time;
			$data['login_count']	=	array('exp','login_count+1');
			$data['last_login_ip']	=	$ip;
			$User->save($data);
			// 缓存访问权限
			RBAC::saveAccessList();
			$this->success('登录成功！');
		}
	}
	// 更换密码
	public function changePwd(){
		$this->checkUser();
		//对表单提交处理进行处理或者增加非表单数据
		if(md5($_POST['verify'])	!= $_SESSION['verify']) {
			$this->error('验证码错误！');
		}
		$map	=	array();
		$map['password']= pwdHash($_POST['oldpassword']);
		if(isset($_POST['account'])) {
			$map['account']	 =	 $_POST['account'];
		}elseif(isset($_SESSION[C('USER_AUTH_KEY')])) {
			$map['id']		=	$_SESSION[C('USER_AUTH_KEY')];
		}
		//检查用户
		$User    =   M("member");
		if(!$User->where($map)->field('id')->find()) {
			$this->error('旧密码不符或者用户名错误！');
		}else {
			$User->password	=	pwdHash($_POST['password']);
			$User->save();
			$this->success('密码修改成功！');
		 }
	}
	public function profile() {
		$this->checkUser();
		$User	 =	 M("member");
		$vo	=	$User->getById($_SESSION[C('USER_AUTH_KEY')]);
		$this->assign('vo',$vo);
		$this->display();
	}
	 public function verify(){
		$type	 =	 isset($_GET['type'])?$_GET['type']:'gif';
		import("@.ORG.Image");
		Image::buildImageVerify(4,1,$type);
	}
	// 修改资料
	public function change() {
		$this->checkUser();
		$User	 =	 D("User");
		if(!$User->create()) {
			$this->error($User->getError());
		}
		$result	=	$User->save();
		if(false !== $result) {
			$this->success('资料修改成功！');
		}else{
			$this->error('资料修改失败!');
		}
	}
}
?>
